The role of new high-assurance IT paradigms and certifications in delivering constitutionally- meaningful* e-privacy and e-security to all, while preserving public safety and cyber-investigation capabilities

The world’s greatest IT security and civil rights experts, including Bruce Schneier, Richard Stallman, and Bart Preneel, engaged in intense panel sessions and “micro TED-style” keynotes, brain-stormed and found common grounds with leading organizations and EU institutions, including DG Connect, ECSEL JU, EDPS, European Defence Agency.

Speakers

Bruce Schneier

Board member at Electronic Frontier Foundation, Open Technology Institute and EPIC. Fellow at Harvard Law School. CTO at Resilient Systems. Arguably the world’s most-renowned and recognized IT security expert.

Bart Preneel

Director at COSIC TU Leuven. President at International Association for Cryptologic Research. Arguably EU’s most peer-recognized IT security expert and researcher.

Richard Stallman

President of the Free Software Foundation. Founder of the Free Software movement. Inventor of the Free/Open Source Software licenses. Creator of the GNU/Linux OS, basis a majority of mobile and server computing devices.

Intro

Main ambition of the workshop is therefore to jointly define innovative techno-organizational certifications and certification governance models – within at least some current national legislative frameworks – for next generation high-assurance IT services, as well asconstitutional “endpoint” lawful access systems.

Necessarily, after Snowden and recent hacks, these new paradigms will need to assume that highly-skilled state and non-state attackers, with very limited actual liability risk, are willing to devote tens of million of euros to sustainably compromise its supply chain. They will therefore renounce to the need or assumption of trust in anything and anyone that is critically involved in any critical IT service life-cycle component, from certifications governance to hardware fabrication oversight; except on the assurance quality of the overall organizational governance of all intrinsic socio-technical constrains and (dis)incentives bearing on all entities critically involved in the entire life-cycle.

We have identified the solution of two core challenges, Challenges A and Challenge B, as crucial to jump-start such opportunities, as you can see our program and the in detail in the our backgrounder.

CHALLENGE A: Is it feasible to provide ordinary citizens access to affordable and user-friendly end-2-end IT services with constitutionally-meaningful* levels of user-trustworthiness, as a supplement to their every-day computing devices? If so, how? What scale of investments are needed? What standards/certifications can enable a user to reliably distinguish them from other services?

CHALLENGE B: Provided that Challenge A can be met, can new voluntary international IT certifications – within some nations’ current legislative frameworks – provide safeguards that are sufficiently-extreme to reconcile meaningful personal privacy, effective lawful access and prevention of malevolent use? If so, what are the core paradigms of such certification processes?

On the medium and long term term, it is hoped that the envisioned certifications can spur substantial R&D projects and open ecosystems in a solid actionable path to participating actors and nations with: a renewed digital sovereignty of the communications of citizens and public institutions; a global business leadership in the most strategic security-sensitive IT sectors (such as autonomous vehicles, advanced narrow-AI, critical infrastructure, intelligence and lawful access systems); a reference for a “trustworthy computing base” for the defense of critical assets and infrastructures and strategic defense communication; a sound low-level technological basis and governance model for ever wider AI systems in critical societal scenarios, including autonomous and semi-autonomous moving devices.

The workshop was conceived by the non-profit R&D and innovation institute Open Media Cluster (now called Trustless Computing Association), led by Rufo Guerreschi, and co-organized with EIT Digital Action Line for Privacy, Security & Trust, led by Jovan Golic, internationally renowned cryptographer and IT security expert.

Art by Alexander Ariese

The event aims at fostering a proactive approach deploying trustworthy and transparent innovative technologies bridging the gaps between available techniques and practice. This is seen as necessary to sustain a further growth of the data-driven economy. To this end, it is also crucial to break out of the “privacy vs safety” zero-sum game mindset and, instead, decisively converge on win-win approaches and standards that will substantially reconcile basic human rights and needs to protect and control sensitive data, not only personal, on one side, with legitimate needs for cyber-investigation to get more effective protection against crimes in cyberspace and the physical world, on the other. The resolution of this apparent dichotomy is seen as necessary if meaningfully-secure high-assurance IT is to be let legally available in the market.

—————————————–

* Definitions. While perfect assurance is impossible we found crucial to arbitrarily define, as concretely as “possible, an high enough” target level of trustworthiness, to set a base for discussions. Therefore, for the purpose of this event, we’ll adopt the following definition: “An IT service has constitutionally-meaningful levels of trustworthiness when his levels of confidentiality, authenticity, integrity and non-repudiation are sufficiently high to make its use, in ordinary user scenarios, rationally compatible to the full and effective Internet-connected exercise of their core civil rights, except for voting in governmental elections. In more concrete terms, it defines an end-2-end computing service that warrants extremely well-placed confidence that an extremely skilled attacker – willing to perform continuous or pervasive comprimization – would incur costs and risks that exceed the following: (1) for the comprimization of the lifecycle including the supply chain, the tens of millions of euros, and significant discoverability (albeit with unlikely actual liability), that are typically sustained by well-financed and advanced public and private actors, for high-value supply chains, through legal and illegal subversions of all kinds, including economic pressures; or (2) for comprimization of a single user, the tens of thousands of euros, and a significant discoverability, such as those associated with enacting such level of abuse through on-site, proximity-based user surveillance, or non-scalable remote endpoint techniques, such as NSA TAO”.